Patch to prevent integer overflow that might result in out-of-bound write in memcpy() #240055
Index: libexif/exif-data.c
===================================================================
RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v
retrieving revision 1.89
retrieving revision 1.90
diff -u -p -r1.89 -r1.90
--- libexif/exif-data.c 9 May 2007 06:09:05 -0000 1.89
+++ libexif/exif-data.c 10 May 2007 14:32:01 -0000 1.90
@@ -179,7 +179,9 @@ exif_data_load_data_entry (ExifData *dat
 	else
 		doff = offset + 8;
 
-	/* Sanity check */
+	/* Sanity checks */
+	if ((doff + s < doff) || (doff + s < s))
+		return 0;
 	if (size < doff + s)
 		return 0;
 
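Review bot: The added wrap test `(doff + s < doff) || (doff + s < s)` is only well-defined if `doff` and `s` are unsigned, and their declarations are outside this hunk; with signed operands the overflow would be undefined behaviour and a compiler may remove the test. A form that needs no addition covers both sanity checks and does not rely on wraparound: `if (doff > size || s > size - doff) return 0;`. `s` is also computed above the hunk; if it is the product of fields read from the file, that product can wrap before either check runs, so it should be bounded where it is computed. The body of exif_data_load_data_entry starts and ends outside the hunk, so the memcpy() that these checks guard is not visible here.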